@@ -121,89 +121,6 @@ Using ``@Security``, this looks like:
121121 // ...
122122 }
123123
124- Using Expressions for Complex Security Restrictions
125- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
126-
127- If your security logic is a little bit more complex, you can use an `expression `_
128- inside ``@Security ``. In the following example, a user can only access the
129- controller if their email matches the value returned by the ``getAuthorEmail ``
130- method on the ``Post `` object:
131-
132- .. code-block :: php
133-
134- use AppBundle\Entity\Post;
135- use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
136- use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
137-
138- /**
139- * @Route("/{id}/edit", name="admin_post_edit")
140- * @Security("user.getEmail() == post.getAuthorEmail()")
141- */
142- public function editAction(Post $post)
143- {
144- // ...
145- }
146-
147- Notice that this requires the use of the `ParamConverter `_, which automatically
148- queries for the ``Post `` object and puts it on the ``$post `` argument. This
149- is what makes it possible to use the ``post `` variable in the expression.
150-
151- This has one major drawback: an expression in an annotation cannot easily
152- be reused in other parts of the application. Imagine that you want to add
153- a link in a template that will only be seen by authors. Right now you'll
154- need to repeat the expression code using Twig syntax:
155-
156- .. code-block :: html+jinja
157-
158- {% if app.user and app.user.email == post.authorEmail %}
159- <a href=""> ... </a>
160- {% endif %}
161-
162- The easiest solution - if your logic is simple enough - is to add a new method
163- to the ``Post `` entity that checks if a given user is its author:
164-
165- .. code-block :: php
166-
167- // src/AppBundle/Entity/Post.php
168- // ...
169-
170- class Post
171- {
172- // ...
173-
174- /**
175- * Is the given User the author of this Post?
176- *
177- * @return bool
178- */
179- public function isAuthor(User $user = null)
180- {
181- return $user && $user->getEmail() == $this->getAuthorEmail();
182- }
183- }
184-
185- Now you can reuse this method both in the template and in the security expression:
186-
187- .. code-block :: php
188-
189- use AppBundle\Entity\Post;
190- use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
191-
192- /**
193- * @Route("/{id}/edit", name="admin_post_edit")
194- * @Security("post.isAuthor(user)")
195- */
196- public function editAction(Post $post)
197- {
198- // ...
199- }
200-
201- .. code-block :: html+jinja
202-
203- {% if post.isAuthor(app.user) %}
204- <a href=""> ... </a>
205- {% endif %}
206-
207124 .. _best-practices-directy-isGranted :
208125
209126Checking Permissions without @Security
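Review bot: deleting the whole "Using Expressions for Complex Security Restrictions" section leaves the surrounding ``@Security`` text with no mention of expressions or of per-object checks such as the removed `post.isAuthor(user)` pattern, while the ``@Security annotation`` link target is still kept in the footer; consider a one-sentence pointer to that reference where the section stood, so readers needing object-level authorization find the documented mechanism instead of duplicating raw checks across controllers and templates. If the removed guidance is moved elsewhere, keep the `$user &&` null guard from `isAuthor()`: the bare `user.getEmail() == post.getAuthorEmail()` expression has no equivalent protection for an anonymous user. Separately, the unchanged label `.. _best-practices-directy-isGranted :` right after the deletion has a typo ("directy"); renaming it would break inbound links, so leave it unless a redirect is added.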
@@ -349,13 +266,11 @@ develop `your own user provider`_ and `your own authentication provider`_.
349266
350267.. _`Security Cookbook Section` : http://symfony.com/doc/current/cookbook/security/index.html
351268.. _`security.yml` : http://symfony.com/doc/current/reference/configuration/security.html
352- .. _`ParamConverter` : http://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/converters.html
353269.. _`@Security annotation` : http://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/security.html
354270.. _`security.yml` : http://symfony.com/doc/current/reference/configuration/security.html
355271.. _`security voter` : http://symfony.com/doc/current/cookbook/security/voters_data_permission.html
356272.. _`Acces Control List` : http://symfony.com/doc/current/cookbook/security/acl.html
357273.. _`ACL's` : http://symfony.com/doc/current/cookbook/security/acl.html
358- .. _`expression` : http://symfony.com/doc/current/components/expression_language/introduction.html
359274.. _`FOSUserBundle` : https://github.com/FriendsOfSymfony/FOSUserBundle
360275.. _`Remember Me feature` : http://symfony.com/doc/current/cookbook/security/remember_me.html
361276.. _`impersonate users` : http://symfony.com/doc/current/cookbook/security/impersonating_user.html
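Review bot: removing the `ParamConverter` and `expression` targets matches the deleted section, but confirm that no `ParamConverter`_ or `expression`_ reference remains elsewhere in the file, since Sphinx reports an unknown target error for any that does. While this list is being touched, `.. _`security.yml`` is defined twice in the context lines of this hunk, which triggers a duplicate explicit target name warning, and `Acces Control List` is misspelled; correcting that label also requires updating its inline use.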